Aggregates CVE and security vulnerability intelligence across all jdownloads-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact data exposure and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-27909 | In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files | [email protected] | 4.3 | 0.79% | 2022-05-06 | 2026-06-17 |
| CVE-2020-19455 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. | [email protected] | 7.5 | 1.05% | 2020-09-25 | 2026-06-16 |
| CVE-2020-19451 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. | [email protected] | 7.5 | 1.05% | 2020-09-25 | 2026-06-16 |
| CVE-2020-19450 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. | [email protected] | 7.5 | 1.05% | 2020-09-25 | 2026-06-16 |
| CVE-2020-19447 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter. | [email protected] | 7.5 | 1.05% | 2020-09-24 | 2026-06-16 |
| CVE-2018-10068 | The jDownloads extension before 3.2.59 for Joomla! has XSS. | [email protected] | 6.1 | 4.07% | 2018-04-12 | 2026-06-16 |